Authenticate Windows Authentication using Javascript

倾然丶 夕夏残阳落幕 提交于 2019-11-26 23:08:39

问题


I have to transfer my client from one website to another website. This happens in client side. In this 2nd website, its using windows basic authentication system. So It popups the login window. I need to omit this Popup window and authenticate my client on 2nd website using javascript and then redirect him to 2nd website. There is no security issue even I put credentials in javascript file since this whole system is running in Intranet. So How to authenticate client on 2nd website ?

I found this thread How can I pass windows authentication to webservice using jQuery?

But it does not work. When I look the request header of 2nd url, It does not contain the Authorization tag.


回答1:


If it is basic authentication and you don't mind exposing the credential, why don't you simply insert username and password into the URL? For example:

http://username:password@www.domain.com

But if you have control over the Web server, you really should disable authentication for intranet connections.




回答2:


If it is a Windows based intranet, I would not hassle with Javascript, but use the default NTLM-Authentication, as described in this thread. That way, you can provide a single-sign-on for any number of sites with the normal username and password of the users of your network. To quote my answer from the other thread:

It actually is possible with NTLM authentication. You need the AuthenNTLM-plugin, which will authenticate a user using the Internet Explorer. An example syntax would be

<Location />
    PerlAuthenHandler Apache::AuthenNTLM 
    AuthType ntlm,basic
    AuthName test
    require valid-user

    #                    domain             pdc                bdc
    PerlAddVar ntdomain "name_domain1   name_of_pdc1"
    PerlAddVar ntdomain "other_domain   pdc_for_domain    bdc_for_domain"

    PerlSetVar defaultdomain wingr1
    PerlSetVar ntlmdebug 1
</Location>
## taken from the documentation

Please refer to the module documentation for more options and specific instructions on the setup - the above should get you started in the right direction.

On the client side, Internet Explorer and Firefox should be able to login automatically after some configuration (Firefox needing a bit of special care - which may be achieved by setting the configuration variables during deployment).




回答3:


If this is Windows Authentication, then the response won't be prompting the client for credentials, the browser will be attempting to pass the credentials itself already. It does not quite work the way HTTP does -- you actually need to configure the browser itself to to have it send the authorization based on Windows credentials.

It does not appear that there is a simple JS solution to this at all.



来源:https://stackoverflow.com/questions/6748050/authenticate-windows-authentication-using-javascript

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!